summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog29
-rw-r--r--fc-cat/fc-cat.c4
-rw-r--r--fc-lang/fc-lang.c3
-rw-r--r--src/fccharset.c5
-rw-r--r--src/fcfreetype.c6
-rw-r--r--src/fclang.c8
-rw-r--r--src/fcname.c8
-rw-r--r--src/fcpat.c11
8 files changed, 61 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 145ddeeb..fdd376a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,32 @@
+2006-04-11 Patrick Lam <plam@mit.edu>
+ * src/fccharset.c (FcCharSetPutLeaf):
+
+ Properly convert static charsets to dynamic charsets.
+
+2006-04-11 Frederic Crozat <fcrozat@mandriva.com>
+ reviewed by: plam
+
+ * src/fcpat.c: (FcValueListEntCreate, FcPatternBaseFreeze,
+ FcPatternFreeze):
+ Fix memory leak in error case (Coverity defects #1820, #1821, #1822).
+
+ * src/fclang.c: (FcNameUnparseLangSet):
+ Fix memory leak (Coverity defect #1819).
+
+ * fc-lang/fc-lang.c: (scan):
+ prevent crash when invalid include line is parsed (Coverity defect
+ #763).
+
+ * fc-cat/fc-cat.c: (FcCacheFileRead):
+ Fix potential null pointer access (Coverity defect #1804).
+
+ * src/fcname.c: (FcObjectUnserialize):
+ Remove dead code (Coverity defect #1194).
+
+ * src/fcfreetype.c: (GetScriptTags):
+ Prevent potential null pointer access (Coverity defect #767),
+ ensure error value is read (Coverity defect #1195).
+
2006-04-11 Behdad Esfahbod <behdad@cs.toronto.edu>
reviewed by: plam
diff --git a/fc-cat/fc-cat.c b/fc-cat/fc-cat.c
index 80c381c0..09b20f66 100644
--- a/fc-cat/fc-cat.c
+++ b/fc-cat/fc-cat.c
@@ -244,6 +244,7 @@ FcCacheFileRead (FcFontSet * set, FcStrSet *dirs, char *cache_file)
char subdirName[FC_MAX_FILE_LEN + 1 + 12 + 1];
static char name_buf[8192], *dir;
FcChar8 * ls;
+ char * buf;
if (!cache_file)
goto bail;
@@ -265,7 +266,8 @@ FcCacheFileRead (FcFontSet * set, FcStrSet *dirs, char *cache_file)
if (current_arch_start < 0)
goto bail1;
- while (strlen(FcCacheReadString (fd, subdirName, sizeof (subdirName))) > 0)
+ while ((buf = FcCacheReadString (fd, subdirName, sizeof (subdirName)))
+ && *buf)
FcStrSetAdd (dirs, (FcChar8 *)subdirName);
dir = strdup(name_buf);
diff --git a/fc-lang/fc-lang.c b/fc-lang/fc-lang.c
index 6a863e4e..b72893b9 100644
--- a/fc-lang/fc-lang.c
+++ b/fc-lang/fc-lang.c
@@ -143,6 +143,9 @@ scan (FILE *f, char *file)
if (!strncmp (line, "include", 7))
{
file = strchr (line, ' ');
+ if (!file)
+ fatal (line, lineno,
+ "invalid syntax, expected: include filename");
while (isspace(*file))
file++;
f = scanopen (file);
diff --git a/src/fccharset.c b/src/fccharset.c
index d1a9d6ec..531a9b8c 100644
--- a/src/fccharset.c
+++ b/src/fccharset.c
@@ -168,6 +168,7 @@ FcCharSetPutLeaf (FcCharSet *fcs,
return FcFalse;
if (fcs->bank != FC_BANK_DYNAMIC)
{
+ /* convert to dynamic */
int i;
leaves = malloc ((fcs->num + 1) * sizeof (FcCharLeaf *));
@@ -183,6 +184,10 @@ FcCharSetPutLeaf (FcCharSet *fcs,
leaves[i] = FcCharSetGetLeaf(fcs, i);
memcpy (numbers, FcCharSetGetNumbers(fcs),
fcs->num * sizeof (FcChar16));
+
+ fcs->bank = FC_BANK_DYNAMIC;
+ fcs->u.dyn.leaves = leaves;
+ fcs->u.dyn.numbers = numbers;
}
else
{
diff --git a/src/fcfreetype.c b/src/fcfreetype.c
index 2689b9f2..5d852a50 100644
--- a/src/fcfreetype.c
+++ b/src/fcfreetype.c
@@ -2744,11 +2744,13 @@ GetScriptTags(FT_Face face, FT_ULong tabletag, FT_ULong **stags, FT_UShort *scri
FT_Stream stream = face->stream;
FT_Error error;
FT_UShort n, p;
- FT_Memory memory = stream->memory;
+ FT_Memory memory;
if ( !stream )
return TT_Err_Invalid_Face_Handle;
+ memory = stream->memory;
+
if (( error = ftglue_face_goto_table( face, tabletag, stream ) ))
return error;
@@ -2795,7 +2797,7 @@ GetScriptTags(FT_Face face, FT_ULong tabletag, FT_ULong **stags, FT_UShort *scri
cur_offset = ftglue_stream_pos( stream );
- if ( ftglue_stream_seek( stream, new_offset ) )
+ if (( error = ftglue_stream_seek( stream, new_offset ) ))
goto Fail;
if ( error == TT_Err_Ok )
diff --git a/src/fclang.c b/src/fclang.c
index 7af6ed19..4d171acf 100644
--- a/src/fclang.c
+++ b/src/fclang.c
@@ -567,9 +567,15 @@ FcNameUnparseLangSet (FcStrBuf *buf, const FcLangSet *ls)
{
if (!first)
if (!FcStrBufChar (buf, '|'))
+ {
+ FcStrListDone (list);
return FcFalse;
+ }
if (!FcStrBufString (buf, extra))
- return FcFalse;
+ {
+ FcStrListDone (list);
+ return FcFalse;
+ }
first = FcFalse;
}
}
diff --git a/src/fcname.c b/src/fcname.c
index 2f6f4e6d..a0a84a39 100644
--- a/src/fcname.c
+++ b/src/fcname.c
@@ -381,19 +381,11 @@ FcObjectUnserialize (FcCache * metadata, void *block_ptr)
int i;
char * bp = (char *)block_ptr;
FcObjectType * bn;
- FcObjectTypeList * bnl;
bn = malloc (sizeof (const FcObjectType) * (new_biggest + 1));
if (!bn)
return 0;
- bnl = malloc (sizeof (FcObjectTypeList));
- if (!bnl)
- {
- free (bn);
- return 0;
- }
-
for (i = 0; i < new_biggest; i++)
{
const FcObjectType * t = FcNameGetObjectType(bp);
diff --git a/src/fcpat.c b/src/fcpat.c
index ba88ebf9..5865546c 100644
--- a/src/fcpat.c
+++ b/src/fcpat.c
@@ -399,7 +399,10 @@ FcValueListEntCreate (FcValueListPtr h)
return 0;
new = malloc (n * sizeof (FcValueList));
if (!new)
+ {
+ free (ea);
return 0;
+ }
memset(new, 0, n * sizeof (FcValueList));
FcMemAlloc (FC_MEM_VALLIST, size);
e = &ea->ent;
@@ -575,11 +578,14 @@ FcPatternBaseFreeze (FcPattern *b)
ep = FcPatternCreate();
if (!ep)
- return 0;
+ goto bail;
ent->pattern = ep;
epp = malloc(b->num * sizeof (FcPatternElt));
if (!epp)
+ {
+ FcPatternDestroy (ep);
goto bail;
+ }
ep->elts = FcPatternEltPtrCreateDynamic(epp);
FcMemAlloc (FC_MEM_PATELT, sizeof (FcPatternElt)*(b->num));
@@ -650,7 +656,10 @@ FcPatternFreeze (FcPattern *p)
e = malloc(b->num * sizeof (FcPatternElt));
if (!e)
+ {
+ FcPatternDestroy (b);
return 0;
+ }
b->elts = FcPatternEltPtrCreateDynamic(e);
FcMemAlloc (FC_MEM_PATELT, sizeof (FcPatternElt)*(b->num));